AMENDMENTS TO THE CLAIMS 



Please accept amended Claims 11, 16-19, 22 and 23 as follows. 
Listing of claims. 
1-10. (Cancelled) 

11. (Currently Amended) A method for ensuring that a processor will execute only authorized 
boot code, said method comprising: 

reading a certificate including a first public key into a protected memory; 

validating said certificate with a second public key permanently stored on said processor; 

reading a signed authorized boot code into said protected memory, wherein said protected 
memory is cryptographically protected; 

preparing lo execute sai d signed authorized code from t he protected memory-by verifying 
a digital signature used to sign said signed authorized boot code in accordance with said first 
public key; and 

executing, by the processor, said signed aulhori/ed boot code having a verified digital 
signature by branching to a copy of said signed authorized boot code in said protected memory^ 
said signed aulhori/ed boot code including instructions for performing a boot process for a 
computer device comprising the processor, wherein said digital signature o f said signed 
authorized boot code is previously verified to begin execution and executing further comprises 
performing inline decryption of the copy of said signed authorized boot code in said protected 
memory upon verifying said digital signature . 



12. (Cancelled) 



2 



13. (Previously Presented) A method as recited in claim 1 1 wherein the integrity of the contents 
of said protected memory is protected by encryption using a cryptographic key stored on said 
processor. 

14. (Original) A method as recited in claim 1 1 wherein said protected memory is physically 
protected. 

15. (Cancelled) 

16. (Currently Amended) A method as recited in claim 1 1 wherein the integrity of said 
authorized boot code is protected at run lime. 

17. (Currently Amended) A method as recited in claim 16 wherein the integrity of said 
authorized boot code is protected with symmetric key encryption. 

18. (Currently Amended) A method as recited in claim 1 1 wherein the privacy of said authorized 
boot code is protected at run time. 

19. (Currently Amended) A method as recited in claim 18 wherein the privacy of said authorized 
boot code is protected at run time with symmetric key encryption. 

20-21. (Cancelled) 

3 



22. (Currently Amended) A program storage device readable by machine, tangibly embodying a 
program of instructions executable by the machine to perform program steps for ensuring that a 
processor will execute only authorized code, the program steps comprising: 
reading a certificate including a first public key into a protected memory; 

validating said certificate with a second public key permanently stored on said processor; 

reading a signed authorized boot code into said protected memory, wherein said protected 
memory is cryptographically protected; 

a digital signature used to sign said signed authorized boot code in accordance with said first 
public key; and 

executing said signed aulhori/cd boot code having a verified digital signature by 
branching to a copy of said signed authorized boot code in said protected memory, said signed 
authorized boot eode including in structions for performing a bo ot process for a comp uter device 
comprising the processor, w herein said digital signature of said signed auihori/cd boot code is 
previously vcrilicd to b egin execution and executing further comprises performing inline 
decryption of the copy of said signed authorized boot code in said protected memory upon 



23. (Currently Amended) A computing device for securely executing authorized code, said 
computing device comprising: 

a protected memory for storing signed authorized code, which contains an original digital 
signature, wherein said protected memory is cryptographically protected; and 




a processor comprising inline cryptography and integrity hardware for executing boot 
code in signal communication with said protected memory for pr e paring to e x e cut e executing 
said signed authorized code from the protected memory by for booting the computing device 
after verifying that a digital signature contained in said signed authorized code is original in 
accordance with a first public key stored in said protected memory, said first public key validated 
by a second public key permanently stored on said processor, and if said original digital 
signatur e is v e rifi e d, th e n branching to a copy of said authorized code in said protected memory 
to begin the execution. 

24. (Previously Presented) A computing device as recited in claim 23 wherein the integrity of the 
contents of said protected memory is protected by encryption. 

25. (Previously Presented) A computing device as recited in claim 23 wherein said protected 
memory is physically protected. 

26. (Previously Presented) A computing device as recited in claim 23 wherein at least one of the 
integrity of said authorized code and the privacy of said authorized code is protected at run time. 

27. (Previously Presented) A computing device as recited in claim 23 wherein the integrity of 
said signed authorized code is protected at run time with symmetric key encryption. 

28. (Previously Presented) A computing device as recited in claim 23, wherein the privacy of 
said signed authorized code is protected at run time with symmetric key encryption. 



